Securityvulns, SECURITYVULNS:DOC:32324
Jul 14, 2015 - 12:00 a.m.

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

               VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerability

Issue date: 2015-07-09
Updated on: 2015-07-09
CVE number: CVE-2015-3650

  1. Summary

    VMware Workstation, Player and Horizon View Client for Windows
    updates address a host privilege escalation vulnerability.

  2. Relevant Releases

    VMware Workstation for Windows 11.x prior to version 11.1.1
    VMware Workstation for Windows 10.x prior to version 10.0.7
    VMware Player for Windows 7.x prior to version 7.1.1
    VMware Player for Windows 6.x prior to version 6.0.7
    VMware Horizon Client for Windows (with Local Mode Option) prior to
    version 5.4.2

  3. Problem Description

    a. VMware Workstation, Player and Horizon View Client for Windows
    host privilege escalation vulnerability.

    VMware Workstation, Player and Horizon View Client for Windows do
    not set a discretionary access control list (DACL) for one of
    their processes. This may allow a local attacker to elevate their
    privileges and execute code in the security context of the
    affected process.

    VMware would like to thank Kyriakos Economou of Nettitude for
    reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the identifier CVE-2015-3650 to this issue.
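
    Added example, not part of the VMware advisory or any VMware code: a
    defender-side check that classifies the DACL state of a Windows
    self-relative security descriptor, the condition section 3a describes
    for a process object. It assumes the descriptor bytes were already read
    from the object (for example with GetKernelObjectSecurity); the sample
    descriptors and their names are constructed for illustration.

```python
import struct

SE_DACL_PRESENT = 0x0004    # Control bit: the descriptor carries a DACL field
SE_SELF_RELATIVE = 0x8000   # Control bit: fields are offsets, not pointers

def classify_dacl(sd: bytes) -> str:
    """Return 'absent', 'null', 'empty' or 'restricted' for a self-relative
    SECURITY_DESCRIPTOR (layout per MS-DTYP: 20-byte header, then ACLs/SIDs)."""
    if len(sd) < 20:
        raise ValueError("shorter than the 20-byte descriptor header")
    rev, _, control, _, _, _, off_dacl = struct.unpack_from("<BBHIIII", sd)
    if rev != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a revision-1 self-relative descriptor")
    if not control & SE_DACL_PRESENT:
        return "absent"      # no DACL: the access check grants everyone full access
    if off_dacl == 0:
        return "null"        # NULL DACL: same effect, everyone gets full access
    if off_dacl + 8 > len(sd):
        raise ValueError("DACL offset points outside the buffer")
    _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    if acl_size < 8 or off_dacl + acl_size > len(sd):
        raise ValueError("ACL size is inconsistent with the buffer")
    return "empty" if ace_count == 0 else "restricted"

def unprotected(descriptors: dict) -> list:
    """Names of objects whose descriptor places no restriction on access."""
    return sorted(n for n, sd in descriptors.items()
                  if classify_dacl(sd) in ("absent", "null"))

# --- Constructed sample descriptors (not captured from any VMware process) ---
def _header(control: int, off_dacl: int) -> bytes:
    return struct.pack("<BBHIIII", 1, 0, control | SE_SELF_RELATIVE, 0, 0, 0, off_dacl)

# One ACCESS_ALLOWED_ACE (type 0, 20 bytes) granting 0x1FFFFF to SID S-1-5-18.
_ACE = struct.pack("<BBHI", 0, 0, 20, 0x1FFFFF) + bytes([1, 1, 0, 0, 0, 0, 0, 5]) + struct.pack("<I", 18)

SAMPLES = {
    "proc_no_dacl":    _header(0, 0),
    "proc_null_dacl":  _header(SE_DACL_PRESENT, 0),
    "proc_empty_dacl": _header(SE_DACL_PRESENT, 20) + struct.pack("<BBHHH", 2, 0, 8, 0, 0),
    "proc_one_ace":    _header(SE_DACL_PRESENT, 20) + struct.pack("<BBHHH", 2, 0, 28, 1, 0) + _ACE,
}

if __name__ == "__main__":
    for name, sd in SAMPLES.items():
        print(f"{name:16} {classify_dacl(sd)}")
    print("unprotected:", unprotected(SAMPLES))
```

    An "empty" DACL (present, zero ACEs) grants no access, so only the
    "absent" and "null" states are reported as unprotected.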

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware                              Product   Running   Replace with/
    Product                             Version   on        Apply Patch
    =================================   =======   =======   ===============
    VMware Workstation                  11.x      Windows   11.1.1
    VMware Workstation                  10.x      Windows   10.0.7

    VMware Player                       7.x       Windows   7.1.1
    VMware Player                       6.x       Windows   6.0.7

    VMware Horizon Client for           5.x       Windows   5.4.2
    Windows (with Local Mode Option)

    VMware Horizon Client for           3.x       any       not affected
    Windows

  4. Solution

    Please review the patch/release notes for your product and
    version and verify the checksum of your downloaded file.

    VMware Workstation

    https://www.vmware.com/go/downloadworkstation

    VMware Player

    https://www.vmware.com/go/downloadplayer

    VMware Horizon Clients

    https://www.vmware.com/go/viewclients

  5. References

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650


  6. Change log

    2015-07-09 VMSA-2015-0005
    Initial security advisory.


  7. Contact

    E-mail list for product security notifications and announcements:
    http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

    E-mail: security at vmware.com
    PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Advisories
    http://www.vmware.com/security/advisories

    Consolidated list of VMware Security Advisories
    http://kb.vmware.com/kb/2078735

    VMware Security Response Policy
    https://www.vmware.com/support/policies/security_response.html

    VMware Lifecycle Support Phases
    https://www.vmware.com/support/policies/lifecycle.html

    Twitter
    https://twitter.com/VMwareSRC

    Copyright 2015 VMware Inc. All rights reserved.